At 11:27 AM 3/16/2004, Ben Laurie wrote:
Justin Erenkrantz wrote:
--On Monday, March 15, 2004 10:52 AM +0000 Ben Laurie <[EMAIL PROTECTED]> wrote:
It is? How? Unless the committer signs (which ISTR was rejected as an option when I suggested it, so I'm assuming that doesn't happen), then they must be signed by the server - a successful attacker can therefore sign his modifications, too. Or am I missing something? (I don't use subversion yet, so forgive me if the answer is obvious).
We're talking about ensuring the integrity of the repository here, not whether malicious people can commit.
I know.
Uhm I beg to differ - I care about both issues :)
I didn't say I didn't care! I said I knew what we were talking about. I also care about malicious users.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
